Thelen LLP is a leader in the areas of data privacy and data security law, as well as areas related to the use of personal information for direct response marketing, both through traditional means and through existing and emerging technologies.
Privacy and Marketing
In the privacy arena, Thelen regularly assists clients in implementing both internal and customer-facing privacy, data security, and direct marketing policies that are compliant with applicable state and federal laws, and that meet their marketing, sales, and other business needs. Our expertise in the area of privacy also includes human resources and workplace privacy issues and other employment-related privacy issues (such as employer-employee rights, employee surveillance, monitoring, HR data disposal and destruction rules, and biometrics in the workplace). Of course, we regularly assist our clients in addressing federal and state spam, SMS, telemarketing, fax, and similar laws regulating commercial correspondence, including state child "do-not-contact" registry laws. Thelen also has extensive experience in assisting clients in complying with the Children's Online Privacy Protection Act ("COPPA") with regard to their web sites that are directed to children, and with ensuring that a non-child-oriented web site is not inadvertently covered by COPPA's requirements.
We bring to the table experience, creativity, and a desire to enable our clients' business purposes. We are involved with and routinely advise clients regarding efforts by the Federal Trade Commission and state attorneys general to challenge companies' alleged unlawful privacy, data security, and marketing practices. Our involvement includes advising and defending claims, both criminal and civil, regarding unlawful amendments to company privacy policies, inadequate security measures, unauthorized placement or use of files on consumer hard drives (such as adware, spyware, and malware), direct marketing, targeted advertising, search engine privacy, consumer profiling, and data sharing. When clients experience problems in these areas, we work efficiently and practically with our clients and applicable regulators to assist in responding to subpoenas and civil investigative demands, and bringing the matter to a satisfactory resolution. Our work in these areas pertains to both "online" and "offline" activities, and often involves the intersection of online and traditional media.
Data Security
In the area of data security, we regularly work with our clients to create and implement data security strategies and policies. More often than not, we assist our clients in devising a security breach response plan before there is an incident, allowing for a quick and efficient response in the event of an actual incident, and mitigating the actual damage suffered by our client and their customers. In the unfortunate event of an actual or apparent breach of security, we advise clients on how to best respond to such incidents, while both protecting our clients' reputation and ensuring their compliance with federal and state laws and industry standards (such as the Payment Card Industry (PCI) Data Security requirements) that regulate security breach notification and response. We also assist our clients in addressing threats to their customers' security from malicious activities such as phishing, pretexting and other means of identity theft, and we help our clients with their data retention and data disposal policies.
Special Privacy Niches
Thelen's clientele includes companies from a wide range of industries. As a result, we advise clients on a range of industry-specific privacy and data security issues. For example, Thelen represents both financial institutions and companies that provide services to financial institutions regarding compliance with the financial privacy and data protection requirements of the Gramm-Leach-Bliley Act ("GLB"). We advise companies that either issue or use consumer credit information regarding compliance with the Fair Credit Reporting Act and the Fair and Accurate Credit Transactions Act. We also advise clients on the health-related information privacy requirements of the Health Insurance Portability and Accountability Act ("HIPAA"). We advise clients regarding emerging technologies such as radio frequency identification ("RFID") technology. We assist clients who are in the cable industry with compliance with the Cable Privacy Act, and we assist our clients who are in the video or DVD sales/rental business with compliance with the Video Privacy Protection Act. We assist our clients who are retailers of consumer products or services with compliance with various state consumer protection privacy statutes. We assist our retail clients who accept payment by credit card with negotiating credit card merchant agreements and complying with the Payment Card Industry (PCI) Data Security requirements. We also frequently advise our clients on the application of the Computer Fraud and Abuse Act ("CFAA"), the Wiretap Act and the Electronic Communications Privacy Act ("ECPA"), in the context of privacy issues.
Privacy in Outsourcing
In the context of our premier outsourcing practice, we adeptly navigate our clients through the complicated issues of privacy and data security when outsourcing data processing within the U.S. and abroad, among other things, ensuring that sensitive data will be protected by applicable law or by contract.
State Laws
More and more states, often led by California, are continuously enacting state laws that impose obligations on companies to protect the privacy and security of consumer data. In many cases, these state laws purport to apply to out-of-state entities. We keep our clients up to date on these state laws and assist them in maintaining compliance. For example, as state laws continue to sprout throughout the country regarding the collection, use, disclosure, security, disposal, and destruction of personal data, such as payment card data and social security numbers, we assist our clients in devising one internal policy that provides for compliance with all, or any subset, of the applicable state laws.
International
Internationally, Thelen literally "covers the globe" on privacy. For example, we regularly advise clients with respect to the European Commission's Personal Data Directive and the implementing legislation of the member nations, as well as privacy laws in other countries such as Canada's Personal Information Protection and Electronic Documents Act ("PIPEDA"). Through our worldwide network of local foreign privacy experts, we are able to assist our clients in compliance with privacy and data protection laws in virtually all countries, including those composing the European Economic Area and Latin and South America, as well as Canada, Australia, Japan, Israel, China, and India. Where the European Directive is involved, we assist in enabling U.S. companies to receive personal information from Europe in compliance with the Directive by implementing corporate policies sanctioned by the European Commission's data protection authorities, putting in place inter-company agreements between U.S. companies and European data exporters, and joining the "Safe Harbor" program developed by the U.S. Department of Commerce in conjunction with the European Commission. Most importantly, Thelen has the experience necessary to assist its U.S. clients in selecting between these and other various means of receiving personal data from European affiliates and unaffiliated companies under the Directive, and evaluating the pros and cons of each. When our clients wish to do business seamlessly throughout the globe, or throughout a good portion of the globe, we assist them in devising a legally compliant means of global data flow among affiliates and business partners worldwide.
Clientele
Active clients of our Privacy and Data Security practice include Fortune 50 international corporations; top-tier software and technology vendors; publishing companies; entertainment and media companies; leading financial, health care, and insurance firms; traditional goods and services providers; and well-known e-commerce concerns.
Sixty Seconds of Privacy™ e-Newsletter
We publish a periodic e-mail newsletter that updates clients and friends of the firm on important legal developments in the areas of privacy, data security, and direct marketing.
International Association of Privacy Professionals
Thelen is a corporate member of the International Association of Privacy Professionals (IAPP). Through the IAPP and other networks, members of the Privacy and Data Security practice maintain contacts throughout the privacy and data security industry, and are often able to refer clients to best-of-breed providers of related services such as computer forensics companies, security consultants, and e-mail service providers.